GDPR News Center News for 10-06-2018

GDPR compliance deadline is approaching: 10 things to do right away

Under the GDPR and other data protection and privacy laws, personal data should be treated as the most precious asset owned by the enterprise. Businesses should hold training sessions to explain the details of GDPR compliance to make sure every employee is aware of their role in protecting data throughout the organization. A typical GDPR policy will establish procedures and protocols limiting access to personal data, set consent standards, and provide for practical procedures regarding the data subject’s right to access and, if requested, delete their personal data. Besides creating a foundation for GDPR specifically, enterprises should also develop and implement a full set of policies regarding data security. Policies dealing with intrusion detection, data classification, privacy protection, password management, auditing and logging, and encryption, just to name a few, should all be developed in support of an overall GDPR compliance policy.

One of the major provisions of the GDPR is the concept of acquiring clear consent to use personal data from the data subjects themselves. While the GDPR requires policies and procedures that establish enterprise-wide data security, there are also specific provisions of the regulation that require organizations to provide data subjects with access to their data. If your enterprise does not currently provide these mechanisms for all data subjects, it is not in compliance with the GDPR and is subject to fines and penalties. To establish compliance with the GDPR, enterprises should implement procedures that require these steps and retrain personnel to include data protection in all development processes.

The GDPR requires enterprises to perform Data Protection Impact Assessments for any new processing or changes to processing deemed to represent a high risk to the privacy and protection of personal data. The documentation of this auditing procedure could reveal areas of data privacy and protection vulnerability and advance the enterprise toward the goal of GDPR compliance.

Our GDPR Commitment

With massively destructive data breaches hitting companies and even governments on a seemingly regular basis, sophisticated uses of personal data, and our on-demand data-driven way of life – the ability to process data and keep it private is critical. To ensure SurveyGizmo is responsibly processing data, our customers will have 24/7/365 access to a standard Data Processing Addendum as it becomes available. Company-wide GDPR training will take place before the May 25 deadline, ensuring all Gizmos are familiar with the regulation and our ongoing commitment to protecting data. Our data center in Germany signifies our invested partnership with our European-based clients, and allows us to keep EU data within the EU, eliminating many risks associated with transcontinental data transfers. With some of the strictest data privacy laws in all of the EU, Germany was quickly decided to be the home of our EU Data Center.

Customers can exercise all or any of their individual rights under GDPR. As a SurveyGizmo customer, you can request any or all of your GDPR individual rights on your data through multiple systems and processes – via phone, email, or through our main website. Individuals have the right to access their personal data and supplementary information. Individuals have the right to object to: data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority; direct marketing; and data processing for purposes of scientific/historical research and statistics. A data controller is a person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.

In relation to personal data, a data processor is any person who processes the data on behalf of the data controller. A subprocessor can process personal data on behalf of the data exporter and is often a third party. Disclosure of the information or data by transmission, dissemination or otherwise making available, or Alignment, combination, blocking, erasure or destruction of the information or data.
